dcsimg
www.webdeveloper.com
Results 1 to 10 of 10

Thread: HTML source in perl

  1. #1
    Join Date
    Jan 2003
    Posts
    72

    HTML source in perl

    im working on an encryption script in perl however the problem is that when it decrypts the encryption it writes the real html source, is there a way in perl to hide the source when someone goes to view sorce is it only possible to do so in javascript??


    Thanks
    Goran Sterjov

  2. #2
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    Do you mean the final Perl output sent to the user? No. A browser sees no difference if it receives its content from a static page or dynamic program. So this is no different from trynig to hide your source for any other page, which cannot be done.

  3. #3
    Join Date
    Nov 2002
    Location
    Dartmoor [Holiday]
    Posts
    2,382
    You cannot hide the HTML source, but you can make it close to indecipherable. Check out this tool:

    http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

    Adam

  4. #4
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    And also very easily recoverable. All someone would have to do is change document.write to someTextArea.value (generally speaking) to see the results. It also makes your page *completely* dependent on the user having scripting enabled.

  5. #5
    Join Date
    Jan 2003
    Posts
    72
    hmm. well then is there anyway to stop a user from downloading a javascript file directly rather than through the <script src="">.

    i have tried doing it with htaccess and htpasswrd however everytime the user loads the page they need a password.

    Thanks
    Goran

  6. #6
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    JavaScript is executed client-side, which means for their machine to be able to execute the code at all it has to be able to download it. And once it's on the user's machine there is nothing more you can do. There is why JavaScript is not a means to do anything securly.

  7. #7
    Join Date
    Jan 2003
    Posts
    72
    bugger!!

    welll then is there any other way to not show the final output hrough asp or php etc.

    or what if i were to do this:
    <script src="scripts/decrypt.dat"></script>

    would that work? since its a data file with variables in it.


    Thanks Again
    Goran

  8. #8
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    Not for HTML, JavaScript, or anything else parsed client-side. Because in the end the browser on the user's machine must have this available in a readable form. Otherwise your markup doesn't render and your scripts won't execute. And if the code is available and readable on the user's machine, obviously the user will be able to read it. All you can do is on the server-side decide what to send back to the user and what not to.

  9. #9
    Join Date
    Jan 2003
    Posts
    72
    ok, then for the last question

    my javascript is protect by a perl anti leech script.

    so the html code looks like this
    <script src="leech.cgi?decrypt"></script>

    it works fine too

    however does the javascript file go on the system once its loaded, or is that safe enough and no one can get the javascript (besides hackers that is)

    Thanks Again - You've been a great help
    Goran Sterjov

  10. #10
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    however does the javascript file go on the system once its loaded
    Yes, because whatever output leech.cgi?decrypt produces gets sent to the user, otherwise their browser can't run it. This is why nothing client-side can be kept secure, whether it be markup, programming, text, or images.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles